Vulnerability-Lookup

CVE-2026-21892 (GCVE-0-2026-21892)

Vulnerability from cvelistv5 – Published: 2026-01-08 14:02 – Updated: 2026-01-08 15:55

Title

Parsl Monitoring Visualization Vulnerable to SQL Injection

Summary

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/Parsl/parsl/security/advisorie…	x_refsource_CONFIRM
	https://github.com/Parsl/parsl/commit/013a928461e…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Parsl	parsl	Affected: < 2026.01.05

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21892",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-08T14:52:19.534618Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-08T15:55:18.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parsl",
          "vendor": "Parsl",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2026.01.05"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-08T14:02:15.819Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58"
        },
        {
          "name": "https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974"
        }
      ],
      "source": {
        "advisory": "GHSA-f2mf-q878-gh58",
        "discovery": "UNKNOWN"
      },
      "title": "Parsl Monitoring Visualization Vulnerable to SQL Injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21892",
    "datePublished": "2026-01-08T14:02:15.819Z",
    "dateReserved": "2026-01-05T17:24:36.929Z",
    "dateUpdated": "2026-01-08T15:55:18.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-21892\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-08T14:15:57.553\",\"lastModified\":\"2026-01-08T18:08:18.457\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Parsl Monitoring Visualization Vulnerable to SQL Injection\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-89\", \"lang\": \"en\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58\"}, {\"name\": \"https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974\"}], \"affected\": [{\"vendor\": \"Parsl\", \"product\": \"parsl\", \"versions\": [{\"version\": \"\u003c 2026.01.05\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-08T14:02:15.819Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue.\"}], \"source\": {\"advisory\": \"GHSA-f2mf-q878-gh58\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21892\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-08T14:52:19.534618Z\"}}}], \"references\": [{\"url\": \"https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-08T14:52:22.327Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-21892\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2026-01-05T17:24:36.929Z\", \"datePublished\": \"2026-01-08T14:02:15.819Z\", \"dateUpdated\": \"2026-01-08T15:55:18.188Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-F2MF-Q878-GH58

Vulnerability from github – Published: 2026-01-06 18:04 – Updated: 2026-01-08 21:18

Summary

Parsl Monitoring Visualization Vulnerable to SQL Injection

Details

Affected Product: Parsl (Python Parallel Scripting Library)

Component: parsl.monitoring.visualization

Vulnerability Type: SQL Injection (CWE-89)

Severity: High (CVSS Rating Recommended: 7.5 - 8.6)

URL: https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.py

Summary

A SQL Injection vulnerability exists in the parsl-visualize component of the Parsl library. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database.

Root Cause Analysis

The vulnerability is located in parsl/monitoring/visualization/views.py. Multiple route handlers take the workflow_id parameter from the URL and inject it directly into a raw SQL query string without sanitization or parameterization.

Vulnerable Code Snippet 1

   query = """SELECT task.task_id, task.task_func_name, task.task_depends, status.task_status_name
               FROM task LEFT JOIN status
               ON task.task_id = status.task_id
               AND task.run_id = status.run_id
               AND status.timestamp = (SELECT MAX(status.timestamp)
                                       FROM status
                                       WHERE status.task_id = task.task_id and status.run_id = task.run_id
                                      )
               WHERE task.run_id='%s'""" % (workflow_id)

Vulnerable Code Snippet 2

df_task_tries = pd.read_sql_query("""SELECT ...
                                     WHERE task.task_id = try.task_id AND task.run_id='%s' and try.run_id='%s'"""
                                     % (workflow_id, workflow_id), db.engine) # <--- Vulnerable

Impact

Data Exfiltration: An attacker can use UNION based injection to dump the entire contents of the monitoring database, including potentially sensitive environment variables, task parameters, or host information logged by the monitoring system.

Access Control Bypass: By injecting boolean logic (e.g., ' OR '1'='1), an attacker could bypass specific workflow filters to view data they are not authorized to see.

Denial of Service: Time-based attacks or resource-intensive queries (e.g., randomblob) could crash the visualization server or the database.

Proof of Concept (PoC)

Prerequisites:

Parsl installed with monitoring enabled (pip install 'parsl[monitoring,visualization]').

A running parsl-visualize server serving a database with at least one recorded workflow.

Reproduction Steps:

Identify a valid workflow ID (or use a known ID like default-run or a UUID).

Navigate to the dag_group_by_states endpoint using the following manipulated URLs to confirm SQL logic control (Boolean-based Blind SQLi).

Test 1: Boolean FALSE (Graph Disappears) Injecting a false condition (1=0) causes the query to return zero rows, resulting in an empty visualization.

http://<server>:8080/workflow/<VALID_ID>'%20AND%20'1'='0/dag_group_by_states

Test 2: Boolean TRUE (Graph Reappears) Injecting a true condition (1=1) restores the query logic, causing the graph to render correctly.

http://<server>:8080/workflow/<VALID_ID>'%20AND%20'1'='1/dag_group_by_states

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "parsl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.01.05"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-21892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-06T18:04:21Z",
    "nvd_published_at": "2026-01-08T14:15:57Z",
    "severity": "MODERATE"
  },
  "details": "**Affected Product:** Parsl (Python Parallel Scripting Library)\n\n**Component:** parsl.monitoring.visualization\n\n**Vulnerability Type:** SQL Injection (CWE-89)\n\n**Severity:** High (CVSS Rating Recommended: 7.5 - 8.6)\n\n**URL:** [https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.py]( https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.py)\n\n**Summary**\n\nA SQL Injection vulnerability exists in the parsl-visualize component of the Parsl library. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database.\n\n**Root Cause Analysis**\n\nThe vulnerability is located in parsl/monitoring/visualization/views.py. Multiple route handlers take the workflow_id parameter from the URL and inject it directly into a raw SQL query string without sanitization or parameterization.\n\nVulnerable Code Snippet 1 \n\n```\n   query = \"\"\"SELECT task.task_id, task.task_func_name, task.task_depends, status.task_status_name\n               FROM task LEFT JOIN status\n               ON task.task_id = status.task_id\n               AND task.run_id = status.run_id\n               AND status.timestamp = (SELECT MAX(status.timestamp)\n                                       FROM status\n                                       WHERE status.task_id = task.task_id and status.run_id = task.run_id\n                                      )\n               WHERE task.run_id=\u0027%s\u0027\"\"\" % (workflow_id)\n```\n\nVulnerable Code Snippet 2\n```\ndf_task_tries = pd.read_sql_query(\"\"\"SELECT ...\n                                     WHERE task.task_id = try.task_id AND task.run_id=\u0027%s\u0027 and try.run_id=\u0027%s\u0027\"\"\"\n                                     % (workflow_id, workflow_id), db.engine) # \u003c--- Vulnerable \n```\n\n**Impact**\n\n**Data Exfiltration:** An attacker can use UNION based injection to dump the entire contents of the monitoring database, including potentially sensitive environment variables, task parameters, or host information logged by the monitoring system.\n\n**Access Control Bypass:** By injecting boolean logic (e.g., \u0027 OR \u00271\u0027=\u00271), an attacker could bypass specific workflow filters to view data they are not authorized to see.\n\n**Denial of Service:** Time-based attacks or resource-intensive queries (e.g., randomblob) could crash the visualization server or the database.\n\n**Proof of Concept (PoC)**\n\n**Prerequisites:**\n\nParsl installed with monitoring enabled (pip install \u0027parsl[monitoring,visualization]\u0027).\n\nA running parsl-visualize server serving a database with at least one recorded workflow.\n\n**Reproduction Steps:**\n\nIdentify a valid workflow ID (or use a known ID like default-run or a UUID).\n\nNavigate to the dag_group_by_states endpoint using the following manipulated URLs to confirm SQL logic control (Boolean-based Blind SQLi).\n\nTest 1: Boolean FALSE (Graph Disappears)\nInjecting a false condition (1=0) causes the query to return zero rows, resulting in an empty visualization.\n\n`http://\u003cserver\u003e:8080/workflow/\u003cVALID_ID\u003e\u0027%20AND%20\u00271\u0027=\u00270/dag_group_by_states\n`\n\nTest 2: Boolean TRUE (Graph Reappears)\nInjecting a true condition (1=1) restores the query logic, causing the graph to render correctly.\n\n`http://\u003cserver\u003e:8080/workflow/\u003cVALID_ID\u003e\u0027%20AND%20\u00271\u0027=\u00271/dag_group_by_states\n`",
  "id": "GHSA-f2mf-q878-gh58",
  "modified": "2026-01-08T21:18:52Z",
  "published": "2026-01-06T18:04:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21892"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Parsl/parsl"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Parsl Monitoring Visualization Vulnerable to SQL Injection"
}

FKIE_CVE-2026-21892

Vulnerability from fkie_nvd - Published: 2026-01-08 14:15 - Updated: 2026-01-08 18:08

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974
	security-advisories@github.com	https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue."
    }
  ],
  "id": "CVE-2026-21892",
  "lastModified": "2026-01-08T18:08:18.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-08T14:15:57.553",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-21892 (GCVE-0-2026-21892)

GHSA-F2MF-Q878-GH58

FKIE_CVE-2026-21892

Tags

Sightings

Nomenclature